dotfiles for AI coding agents

ctrl+shft

ctrl defines the rules.
shft executes them.

Every developer using Claude Code or Copilot hits the same walls. Context degrades mid-task. Instructions drift between machines. Secrets leak into the conversation. Irrelevant rules load for every project. One repo fixes all four.

# bootstrap in two commands
git clone https://github.com/arndvs/ctrl.git ~/dotfiles
✓ cloned
 
bash ~/dotfiles/bin/bootstrap.sh
✓ CLAUDE.md symlinked
✓ skills/ → ~/.claude/skills/
✓ agents/ → ~/.claude/agents/
✓ secrets/ created from templates
✓ shell integration wired
✓ supply chain hardened
 
# ready
context integrity  ·  cross-machine sync  ·  secret isolation  ·  progressive context loading  ·  autonomous loops  ·  surgical changes
01 — THE PROBLEM

Every developer
hits the same walls

Context Decay

Context degrades mid-task. The agent repeats itself, compaction loses nuance, quality drops. A fresh conversation has no idea where things left off.

Instruction Drift

Instructions drift between your laptop and VPS. Different machines run different rules. There's no single source of truth.

Secret Exposure

Secrets leak into agent context. API keys, tokens, passwords visible inside the conversation — or worse, logged somewhere they shouldn't be.

Rule Pollution

Irrelevant rules load for every project regardless of stack. Next.js rules on a PHP project. PHP rules in a Python repo. Noise drowning signal.

02 — HOW IT WORKS

One repo,
every machine

Context Integrity
Persistent Plans

When context gets high, the agent writes its plan to working/. A fresh conversation continues exactly where the old one left off — no repetition, no lost nuance.

working/
├─ plan.md    # persisted state
└─ research.md # cached explorations
Stack-Aware Rules
Progressive Loading

detect-context.sh scans your working directory. A Next.js project loads Next.js rules. Nothing from PHP. Nothing from Python. Only what matches.

# auto-detected on cd
ACTIVE_CONTEXTS=general,nextjs,node,ts
# loads matching instructions/*.md
Secret Isolation
Two-Tier Secrets

Agents see config, never credentials. run-with-secrets.sh injects API keys into a child process — they vanish on exit. Deny rules block env, printenv, and cat secrets/*.

.env.agent   # agent-visible config
.env.secrets # process-scoped only
# credentials vanish on exit
Git-Synced
Clone Once, Pull Forever

Clone to ~/dotfiles on your laptop, your VPS, anywhere. git pull updates every machine simultaneously. Bootstrap is idempotent — safe to re-run anytime.

# update everywhere at once
cd ~/dotfiles && git pull
bash bin/bootstrap.sh
03 — THE PIPELINE

Intent to
commit

/grill-me
Interrogate you about a feature until shared understanding. One question at a time, recommended answers.
/write-a-prd
Explore codebase, interview you, sketch module boundaries, write Product Requirements Document (PRD), submit as GitHub issue.
/prd-to-issues
Break the PRD into vertical slices. Label each AFK or HITL. Create GitHub issues with dependencies.
/do-work
Understand → Plan → Implement → Validate → Commit. Auto-detects your stack's feedback loops. Loops until done.
shft
Pick issues from the backlog, implement in a Docker sandbox, commit, repeat. Runs AFK until backlog is empty.
04 — SKILLS

What the
agent knows

/do-work
Understand → Plan → Implement → Validate → Commit
/grill-me
Interrogate until shared understanding, one question at a time
/write-a-prd
Explore, interview, write PRD, submit as GitHub issue
/prd-to-issues
Break PRDs into labeled vertical slices
technical-fellow
Vertical slices, dependency graphs, acceptance criteria
⚡ auto-invoke
skill-scaffolder
Scaffold new skills from production-tested patterns
explore
Decompose, spawn parallel sub-agents, synthesize summary
⚡ auto-invoke
research
Cache exploration into research.md with lifecycle management
⚡ auto-invoke
codebase-audit
Real problems only, grouped by severity. No manufactured issues.
⚡ auto-invoke
improve-architecture
Shallow-module clusters → parallel design agents → GitHub RFC
⚡ auto-invoke
/tdd
Red-green refactor. Failing test → implement → refactor.
systematic-debugging
Root-cause-first — investigate → pattern → hypothesis → fix
⚡ auto-invoke
+ Add private skills: skills/_local/your-skill/SKILL.md — auto-discovered, gitignored.
05 — SUBAGENTS

Isolated
specialists

Each subagent runs in an isolated context window with its own system prompt and tool restrictions. Exploration stays out of your main conversation.

code-reviewer
Bugs, security, logic errors — not style nits. Finds what actually matters in a diff.
sonnet  ·  read-only  ·  persistent memory
researcher
Deep codebase exploration, architecture mapping. Builds a mental model without polluting yours.
sonnet  ·  grep / glob  ·  persistent memory
security-auditor
OWASP Top 10, secrets exposure, config hardening. Paranoid by design.
sonnet  ·  read-only  ·  persistent memory
06 — PRINCIPLES

Baked-in
discipline

Four behavioral rules in global.instructions.md, addressing the most expensive AI failure modes: building wrong things, overengineering, drive-by refactoring, and vague success criteria — derived from Andrej Karpathy's observations on LLM coding pitfalls and adapted here for this workflow to bias toward correctness over speed.

1
Think Before Coding

Surface confusion before acting. Present multiple interpretations. Name assumptions explicitly. Push back when simpler exists. Clarifying questions come before implementation, not after a wrong turn.

"Stop when confused — ask, never pick an interpretation silently."
2
Simplicity First

Minimum code that solves the problem. No speculative features. No abstractions for single-use code. If 200 lines could be 50, rewrite it. Prefer straightforward solutions a senior engineer would call obvious and maintainable.

"Would a senior engineer say this is overcomplicated? If yes, simplify."
3
Surgical Changes

Touch only what you must. Match existing style exactly. Don't refactor what isn't broken. Every changed line traces to the user's request. Mention adjacent issues, but don't fold unrelated cleanup into the same diff.

"Mention unrelated dead code — don't delete it."
4
Goal-Driven Execution

Define success criteria. Loop until verified. Transform imperative tasks into verifiable goals with acceptance criteria at each step. Convert vague asks into outcomes that can be tested and proven.

"Write a test that reproduces it, then make it pass."
How you know it's working: fewer unnecessary diff lines, fewer overengineered rewrites, cleaner scope boundaries, and verification steps that are visible before a task is marked done.
07 — SECURITY

Agents see config,
never credentials

Two tiers. run-with-secrets.sh injects credentials into a child process only — they exist for its lifetime and vanish when it exits. Deny rules block any attempt to read them.

File            In Shell?   Agent-Visible?   Contains
.env.agent      YES         YES              Usernames, hosts, IDs
.env.secrets    NO          NO               API keys, tokens, passwords

Deny rules block env, printenv, cat secrets/*, and echo $*KEY* at the agent level. Agents can't accidentally inherit what they can't see.
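
The process-scoped tier described above, sketched as an added example (this is not the project's run-with-secrets.sh, whose contents are not shown on this page). The function name run_scoped, the variable DEMO_API_KEY and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: process-scoped secret injection. Not the project's run-with-secrets.sh.
# run_scoped FILE CMD [ARGS...]
# The function body is a subshell, so every export below dies with it and the
# calling shell (where the agent's commands run) never holds the values.
run_scoped() (
  file=$1; shift
  [ -f "$file" ] || { echo "run_scoped: no such file: $file" >&2; exit 2; }
  # Refuse a secrets file that group or other can access (expects mode 600/400).
  case "$(ls -ld "$file")" in
    -???------*) ;;
    *) echo "run_scoped: $file is accessible to group/other" >&2; exit 3 ;;
  esac
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;   # blank line or comment
      *=*) ;;                # KEY=VALUE candidate
      *) continue ;;
    esac
    key=${line%%=*}
    # Skip anything that is not a valid variable name.
    case "$key" in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
    # Values are taken literally: no quote stripping, no expansion.
    export "$line"
  done < "$file"
  # exec replaces the subshell, so CMD's exit status is returned as-is.
  exec "$@"
)

# Constructed sample file; the value is a placeholder, not a real credential.
demo_dir=$(mktemp -d)
( umask 077
  printf '%s\n' '# constructed sample' 'DEMO_API_KEY=constructed-placeholder' \
    > "$demo_dir/.env.secrets" )
child_view=$(run_scoped "$demo_dir/.env.secrets" sh -c 'printf %s "$DEMO_API_KEY"')
parent_view=${DEMO_API_KEY-unset}
echo "child saw: $child_view | parent sees: $parent_view"
```

Using the shell's built-in export rather than passing KEY=VALUE pairs to env(1) keeps the values out of any process argument list.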
08 — SHFT

ctrl defines the rules.
shft executes them.

Not a framework. A bash loop that runs Claude against your GitHub issues backlog — sandboxed in Docker for AFK mode, direct on host for HITL. Exits when the backlog is empty.

Human In The Loop
HITL
Runs once while you watch. Use when learning, reviewing each step, or validating a new task type before going fully autonomous.
Away From Keyboard
AFK
Loops in Docker sandbox. Claude picks a task, implements, commits, closes the issue, picks the next. You review PRs async.
Status: infrastructure ready, testing in HITL mode. Requires Claude Max, Docker Desktop, and 5–10 well-formed GitHub issues.
09 — INSTALLATION

Running in
minutes

1
Clone
git clone https://github.com/arndvs/ctrl.git ~/dotfiles
Always clone to ~/dotfiles — hardcoded across 40+ references.
2
Bootstrap
bash ~/dotfiles/bin/bootstrap.sh
Idempotent. Symlinks CLAUDE.md, skills/, agents/, rules/. Creates secrets from templates. Wires shell integration.
3
Configure secrets
$EDITOR ~/dotfiles/secrets/.env.agent   # non-sensitive config
$EDITOR ~/dotfiles/secrets/.env.secrets # API keys and tokens
4
Sync VS Code settings
bash ~/dotfiles/bin/sync-settings.sh
Enables the instruction discovery chain. Run with --dry-run first to preview changes.
5
Reload shell
source ~/.bashrc
Activates context detection on cd and secret loading.
MIT License  ·  macOS / Linux / WSL
ctrl+shft  ·  define the rules  ·  execute the work  ·  git pull to update everywhere  ·  credentials vanish on exit  ·  context persists between conversations